{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner or by anyone who gains write access to the action's repository; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/149"}, "properties": {"repository": "tukaani-project/xz", "repoUrl": "https://github.com/tukaani-project/xz.git", "branch": "master"}, "results": [{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3925, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1560f5dac0aab189b2757bc5105d6bc8e9964387b67e065d91b4c08c13ea89f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/liblzma/check/crc32_table_le.h", "duplicate_line": 3, "correlation_key": "fp|c1560f5dac0aab189b2757bc5105d6bc8e9964387b67e065d91b4c08c13ea89f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/liblzma/lz/lz_encoder_hash_table.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3924, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b53609ebe260767398563ae09d7ea0a7ec0ac8fd674f78d896d5b2afd13e7f83", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/liblzma/common/stream_decoder.c", 
"duplicate_line": 48, "correlation_key": "fp|b53609ebe260767398563ae09d7ea0a7ec0ac8fd674f78d896d5b2afd13e7f83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/liblzma/common/stream_decoder_mt.c"}, "region": {"startLine": 423}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7d515bd875d5d4dbdb998a9f44b0bece0b7e3b6839e14054f1620f72daceb7f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/liblzma/common/block_buffer_decoder.c", "duplicate_line": 18, "correlation_key": "fp|7d515bd875d5d4dbdb998a9f44b0bece0b7e3b6839e14054f1620f72daceb7f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/liblzma/common/stream_buffer_decoder.c"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5607b4cf26ec992c4a42cc60df887c196d3b2491d9740490abe825c2776a0556", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt-core.h", "duplicate_line": 1, "correlation_key": "fp|5607b4cf26ec992c4a42cc60df887c196d3b2491d9740490abe825c2776a0556"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "lib/getopt_int.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fdc53586ef6bd33b53edb9af1fd5f49fed3892817e28543493b1fe441dacd46f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt-core.h", "duplicate_line": 2, "correlation_key": "fp|fdc53586ef6bd33b53edb9af1fd5f49fed3892817e28543493b1fe441dacd46f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/getopt1.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "92c690254d04bda919e5d18501241aa5a108b438937c3af159855be84daa14d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt.c", "duplicate_line": 1, "correlation_key": "fp|92c690254d04bda919e5d18501241aa5a108b438937c3af159855be84daa14d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/getopt1.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3919, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "3d79168ff3aafbd8c0fd8041700cc69c4e95fac024ef06109ec991e72c9cf0cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt-core.h", "duplicate_line": 2, "correlation_key": "fp|3d79168ff3aafbd8c0fd8041700cc69c4e95fac024ef06109ec991e72c9cf0cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/getopt.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "082f0bba35f95abf2a0b4e88bfca7829d47b16d761b3c2d186e452fb082e3f72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt-cdefs.h", "duplicate_line": 1, "correlation_key": "fp|082f0bba35f95abf2a0b4e88bfca7829d47b16d761b3c2d186e452fb082e3f72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/getopt-pfx-ext.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29a67deabf0fd8175cf6347b68a9d27c81eb8086bcf829d54cc02020002539cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt-cdefs.h", "duplicate_line": 1, "correlation_key": "fp|29a67deabf0fd8175cf6347b68a9d27c81eb8086bcf829d54cc02020002539cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/getopt-pfx-core.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55df4039cfc3d5cf4c9ea766700c6929c5d9f11ba4b7530d232e05654ddb4d0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/getopt-core.h", "duplicate_line": 1, "correlation_key": "fp|55df4039cfc3d5cf4c9ea766700c6929c5d9f11ba4b7530d232e05654ddb4d0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/getopt-ext.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 3915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fec29bde8f0265e0208f08b9ca8a5f1b3ef120aeea1aac8e9076eb4741dae429", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "debug/full_flush.c", "duplicate_line": 1, "correlation_key": "fp|fec29bde8f0265e0208f08b9ca8a5f1b3ef120aeea1aac8e9076eb4741dae429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "debug/sync_flush.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 3914, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 40950, "scanner": "repobility-threat-engine", "fingerprint": "47f180dc7c7587c10ffa12bea469bfa082eec1c864267cd1f24a91580b8b9933", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47f180dc7c7587c10ffa12bea469bfa082eec1c864267cd1f24a91580b8b9933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extra/scanlzma/scanlzma.c"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without 
checking for NULL."}, "properties": {"repobilityId": 40949, "scanner": "repobility-threat-engine", "fingerprint": "6b5464b9eea9329e40b5b83bf5a85afbb848c957c9719d94e4f7279195c0d1e0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b5464b9eea9329e40b5b83bf5a85afbb848c957c9719d94e4f7279195c0d1e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/xz/util.c"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 40948, "scanner": "repobility-threat-engine", "fingerprint": "a8cbbc030a123fa256e48777aa14dcd02550360bd64aed79ea9782935d0eb45a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8cbbc030a123fa256e48777aa14dcd02550360bd64aed79ea9782935d0eb45a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/tuklib_mbstr_wrap.c"}, "region": {"startLine": 277}}}]}, {"ruleId": "MINED075", 
"level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 40947, "scanner": "repobility-threat-engine", "fingerprint": "727e3cc8fe230b7a397bf3cc7f9b159b105cabb32063bd88726a344d116e34f3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|727e3cc8fe230b7a397bf3cc7f9b159b105cabb32063bd88726a344d116e34f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "debug/known_sizes.c"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40946, "scanner": "repobility-supply-chain", "fingerprint": "b53ed74bcd5900b963e2ded3dcecec165f02770c9d700a45199fb923dac78630", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b53ed74bcd5900b963e2ded3dcecec165f02770c9d700a45199fb923dac78630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/solaris.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, 
"properties": {"repobilityId": 40945, "scanner": "repobility-supply-chain", "fingerprint": "b61c7d5c129b36568a1c14c35155199f28c5ba1f91b578aba8bf2c0f4181b51e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b61c7d5c129b36568a1c14c35155199f28c5ba1f91b578aba8bf2c0f4181b51e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cifuzz.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `google/oss-fuzz/infra/cifuzz/actions/run_fuzzers` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 40944, "scanner": "repobility-supply-chain", "fingerprint": "f0ede7d8f47f3fcc4e3e20b58c7d278d6874a7546aa46246a32bc4f184d89268", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0ede7d8f47f3fcc4e3e20b58c7d278d6874a7546aa46246a32bc4f184d89268"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cifuzz.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 40943, "scanner": "repobility-supply-chain", "fingerprint": "f14be4705a510490d093c52144405c55c9b7de9ae95d021aaefde791d248b3ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f14be4705a510490d093c52144405c55c9b7de9ae95d021aaefde791d248b3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cifuzz.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40942, "scanner": "repobility-supply-chain", "fingerprint": "e91f244fb4afad52176f3291ace4fe4da6b5685fa47ca918f284370a9809b8ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e91f244fb4afad52176f3291ace4fe4da6b5685fa47ca918f284370a9809b8ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dragonflybsd.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 40941, "scanner": "repobility-supply-chain", "fingerprint": "1a0cbc75e4e09be1523ac25db10df38aac845eb20cacb74636deb2a99a9a40a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|1a0cbc75e4e09be1523ac25db10df38aac845eb20cacb74636deb2a99a9a40a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40940, "scanner": "repobility-supply-chain", "fingerprint": "501abd0686be05e36e858afc111cd4f45e72c8703c61e19761210add2a1afacb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|501abd0686be05e36e858afc111cd4f45e72c8703c61e19761210add2a1afacb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40939, "scanner": "repobility-supply-chain", "fingerprint": "15b7a619be5199189158c16d43bc5be8b14b81fb66090f21f0e5ad229bd5e288", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15b7a619be5199189158c16d43bc5be8b14b81fb66090f21f0e5ad229bd5e288"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/haiku.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, 
"properties": {"repobilityId": 40938, "scanner": "repobility-supply-chain", "fingerprint": "e1d2c1d07d9d13c1279792ee460be9005e01dec3636f233d7017d27b63b292ce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e1d2c1d07d9d13c1279792ee460be9005e01dec3636f233d7017d27b63b292ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/msys2.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40937, "scanner": "repobility-supply-chain", "fingerprint": "0eab104005cb16782cfcd7239987b541b4c629d913c89b8d386b98e8a67f052f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0eab104005cb16782cfcd7239987b541b4c629d913c89b8d386b98e8a67f052f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/msys2.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40936, "scanner": "repobility-supply-chain", "fingerprint": "0b8f344aba5551e54992fa180e2d4873e467528e73262290522cae9af829e42e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b8f344aba5551e54992fa180e2d4873e467528e73262290522cae9af829e42e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/freebsd.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40935, "scanner": "repobility-supply-chain", "fingerprint": "a04881f5c686de7fb66562f9d95543731e718e5a0ff203bc9232d7d716805065", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a04881f5c686de7fb66562f9d95543731e718e5a0ff203bc9232d7d716805065"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/netbsd.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40934, "scanner": "repobility-supply-chain", "fingerprint": "a274502a0049f52bd589316d8b3b5af8c87c2ec19858fb6d685d1b3bd65f06ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a274502a0049f52bd589316d8b3b5af8c87c2ec19858fb6d685d1b3bd65f06ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/msvc.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40933, "scanner": "repobility-supply-chain", "fingerprint": "9b5fb4df72b6786b531809c9e92ac360e1946f48646e06fdafe23c2b4d0d4b6d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b5fb4df72b6786b531809c9e92ac360e1946f48646e06fdafe23c2b4d0d4b6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/openbsd.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 40932, "scanner": "repobility-supply-chain", "fingerprint": "e94b0b46b04d13dbd457fff6e33d931c9e16ecdeb9021d4878c1d17036d1489d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e94b0b46b04d13dbd457fff6e33d931c9e16ecdeb9021d4878c1d17036d1489d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coverity.yml"}, "region": {"startLine": 15}}}]}]}]}